4 Replies Latest reply on May 3, 2013 6:08 AM by njoylif

    Alerts being closed automatically!

    romuloinfo

      Hi fellas,

       

      I'm new here and I recently installed Alert Central in my enviroment for previous tests before deploying the tool to my NOC.

      The case is, all the alerts that are coming to Alert Central are being closed, without any treatment.

       

       

      I have only one alert source which is an SolarWinds Orion.

      The message that appears on the alert is "Alert Central closed the alert".

       

       

      How can i configure the tool to not to close any alert until an action are taken by an operator?

       

       

      Anyone here had this problem?

        • Re: Alerts being closed automatically!
          jschreiner

          Alerts that are reset or stop being alerts in Orion automatically change to closed.  They aren't alerts anymore and are instead just events after they are out of alert conditions.

           

          What I find frustrating is that once they are assigned they don't close themselves. 

          • Re: Alerts being closed automatically!
            neilgmt

            I noticed this morning the same issue but not an alert for an Orion product.  As as test I set up our Websense system to send alerts to our alertcentral email account.

             

            This morning I came into 95 alerts that had all been closed due to:

             

            Capture.JPG

            These alerts state when any suspicious activity has taken place on our proxy and therefore would not be reset, as would need to be investigated.  As you can see below they have all been closed automatically:

             

            Capture1.JPG

            Any explanation on why this occurs, or at least how I can stop this from happening?

             

            Thanks

              • Re: Alerts being closed automatically!
                njoylif

                verify you have a group set up using the "groups" tab.

                then...set up/review the below:

                first, look at your settings -> configure alert sources <where ever these alerts are coming from> -> look at routing.

                figure out what group it is getting assigned to <if not assigned, then assign to a group>

                now go to calendar and create an "on-call" schedule for that group.

                 

                to validate default actions of any given group -> click on groups tab and edit the "escalation policy" area.  see below:

                group esc.png